Skip to main content

CryptPad CVE-2026-26028

| EUVDEUVD-2026-31154 MEDIUM
Improper Encoding or Escaping of Output (CWE-116)
2026-05-20 GitHub_M GHSA-g2g4-47gv-p72v
6.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
May 20, 2026 - 20:02 vuln.today
Analysis Generated
May 20, 2026 - 20:02 vuln.today
Patch available
May 20, 2026 - 20:02 EUVD

DescriptionGitHub Advisory

CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of <iframe>, <video>, and <audio> elements, leaving all other attributes unchecked. As a result, an attacker can inject arbitrary HTML through srcdoc, completely defeating CryptPad's intended bounce sandboxing and enabling link injection or other interactive content within user-controlled documents. The root cause lies in how the sanitizer classifies and enforces tag restrictions: although it defines both forbidden and restricted tag lists, <iframe> is treated as "restricted" rather than "forbidden." Enforcement then inspects only the src attribute, so pairing a benign blob: src with a malicious srcdoc results in unrestricted rendering. This issue has been fixed in version 2026.2.0.

AnalysisAI

HTML sanitizer bypass in CryptPad's Diffmarked.js allows remote unauthenticated attackers to inject arbitrary HTML into collaborative documents, completely defeating the platform's bounce sandboxing mechanism. All CryptPad versions prior to 2026.2.0 are affected; the CVSS scope change (S:C) reflects that exploitation crosses sandbox boundaries, enabling link injection and delivery of malicious interactive content to any user who opens a crafted document. No public exploit code has been identified at time of analysis and this CVE is not listed in CISA KEV, though the attack vector is network-accessible with no authentication required.

Technical ContextAI

CryptPad is an end-to-end encrypted collaborative office suite; Diffmarked.js is its HTML sanitizer component responsible for enforcing content security within user documents. The root cause is CWE-116 (Improper Encoding or Escaping of Output): the sanitizer defines both a 'forbidden' and a 'restricted' tag list, but incorrectly classifies <iframe>, <video>, and <audio> as 'restricted' rather than 'forbidden.' Enforcement logic for restricted tags inspects only the src attribute - requiring a benign blob: URL - while leaving all other attributes, including srcdoc, completely unchecked. The HTML srcdoc attribute allows an entire HTML document to be rendered inline inside an iframe, so pairing a blob: src (which passes the check) with a malicious srcdoc payload results in unrestricted HTML rendering. This bypasses CryptPad's intended bounce sandbox design, which relies on isolating untrusted content in sandboxed iframes. The affected CPE is cpe:2.3:a:cryptpad:cryptpad:*:*:*:*:*:*:*:* covering all versions prior to 2026.2.0.

RemediationAI

The primary fix is to upgrade CryptPad to version 2026.2.0 or later, which resolves the incomplete attribute filtering in Diffmarked.js. The patched release is confirmed at https://github.com/cryptpad/cryptpad/releases/tag/2026.2.0 and the security advisory is published at https://github.com/cryptpad/cryptpad/security/advisories/GHSA-g2g4-47gv-p72v. For self-hosted deployments that cannot immediately upgrade, a compensating control would be to restrict document sharing to trusted internal users only, limiting the attacker's ability to deliver crafted documents to targets - however, this trade-off significantly degrades collaboration functionality. Disabling the rich-text or markdown editor features that invoke Diffmarked.js would mitigate the attack surface but would render core document editing unusable. There is no partial patch or configuration flag available; upgrading to 2026.2.0 is the only fully effective remediation.

Share

CVE-2026-26028 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy